linux-stable.git - Linux kernel stable tree

diff options

author	Hyunwoo Kim <imv4bel@gmail.com>	2022-09-07 09:07:14 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-09-15 12:17:02 +0200
commit	021805af5bedeafc76c117fc771c100b358ab419 (patch)
tree	fadd5811529082d3a0475a61a758ddf922002c62 /samples/pktgen
parent	ca0d26cc15fd2931b407f6fee249743fea8e8138 (diff)
download	linux-stable-021805af5bedeafc76c117fc771c100b358ab419.tar.gz linux-stable-021805af5bedeafc76c117fc771c100b358ab419.tar.bz2 linux-stable-021805af5bedeafc76c117fc771c100b358ab419.zip

efi: capsule-loader: Fix use-after-free in efi_capsule_write

commit 9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 upstream. A race condition may occur if the user calls close() on another thread during a write() operation on the device node of the efi capsule. This is a race condition that occurs between the efi_capsule_write() and efi_capsule_flush() functions of efi_capsule_fops, which ultimately results in UAF. So, the page freeing process is modified to be done in efi_capsule_release() instead of efi_capsule_flush(). Cc: <stable@vger.kernel.org> # v4.9+ Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com> Link: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/ Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'samples/pktgen')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: